Spring security 使用JavaConfig进行Spring安全性的简单演示
我的Maven项目有一些集成测试,需要满足一些简单的内存Spring安全性 我有一个基于XML的配置,可以很好地工作,但现在我想将它放在一个基于JavaConfig的配置中:Spring security 使用JavaConfig进行Spring安全性的简单演示,spring-security,spring-java-config,Spring Security,Spring Java Config,我的Maven项目有一些集成测试,需要满足一些简单的内存Spring安全性 我有一个基于XML的配置,可以很好地工作,但现在我想将它放在一个基于JavaConfig的配置中: <!-- A REST authentication --> <http use-expressions="true" pattern="/admin/**"> <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" /&
<!-- A REST authentication -->
<http use-expressions="true" pattern="/admin/**">
<intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" />
<http-basic entry-point-ref="restAuthenticationEntryPoint" />
<logout />
</http>
<!-- A hard coded authentication provider -->
<authentication-manager>
<authentication-provider>
<user-service>
<user name="stephane" password="mypassword" authorities="ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("stephane").password("mypassword").roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("stephane").password("mypassword").roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.httpBasic()
.authenticationEntryPoint(restAuthenticationEntryPoint)
.and()
.authorizeRequests()
.antMatchers("/**").hasRole("ADMIN")
.anyRequest().authenticated();
}
但GET请求被拒绝访问:
测试失败:testGreetingSucceedsWithCorrectUserCredentialscom.thalasoft.learnTouch.rest.AdminControllerTest:状态应为:但为:
有线索吗
亲切问候,
Stephane Eybert我可以通过以下配置修复安全性:
<!-- A REST authentication -->
<http use-expressions="true" pattern="/admin/**">
<intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" />
<http-basic entry-point-ref="restAuthenticationEntryPoint" />
<logout />
</http>
<!-- A hard coded authentication provider -->
<authentication-manager>
<authentication-provider>
<user-service>
<user name="stephane" password="mypassword" authorities="ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("stephane").password("mypassword").roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("stephane").password("mypassword").roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.httpBasic()
.authenticationEntryPoint(restAuthenticationEntryPoint)
.and()
.authorizeRequests()
.antMatchers("/**").hasRole("ADMIN")
.anyRequest().authenticated();
}
我缺少.authenticationEntryPointrestAuthenticationEntryPoint和.csrf.disable配置
现在测试如预期的那样通过了